What he means is, your security considerations here must come from some perceived threat. What kind of threat do you forsee that requires this high level of security?
Usually when you consider security you start with a threat model, describing the scenarios you want to protect your systems from. And based on that you decide the necessary technical security measures that are relevant.
I have an app where I register when I take my meds, and which meds.
I make sure to absolutely always tap the app while taking the meds. No taking meds and then going to find the phone, or tapping the app and then take the meds. Always do it simoultaniously.
With that rule in place, I know that I can 100% trust the app in telling me if I have taken them or not.
This works really great for me.